[Pkg-haproxy-maintainers] Bug#790871: Bug#790871: haproxy install should restart rsyslog
olav.morken at uninett.no
Fri Jul 3 13:22:45 UTC 2015
[I'm resending this message to the bug tracker because I accidentally forgot
to include it in the recipient list.]
On 2015-07-02 19:13, Vincent Bernat wrote:
> ❦ 2 juillet 2015 16:49 +0200, Vincent Bernat <bernat at debian.org> :
>>> When haproxy is installed, it adds a file:
>>> This file configures:
>>> * A log socket in the HAProxy chroot
>>> * A separate log file for HAProxy log messages.
>>> However, after this file is installed, rsyslog is not restarted. The
>>> result is that the log configuration doesn't work until the user
>>> discovers this and manually restarts rsyslog.
>>> It would be nice if this could be done during package
>>> installation. Maybe something like this in `haproxy.postinst` would
>>> if [ -x '/etc/init.d/rsyslog' ]; then
>>> invoke-rc.d rsyslog restart
>> I agree that we should signal to rsyslog that there is a new
>> file. However, are we allowed to restart an "unrelated" service?
> I have pointed to the fact that rsyslog may also have an upgrade running
> and therefore stopped and restart would start it again and the start
> operation would fail.
> I am afraid that triggering a restart from another postinst script will
> just pile up additional bugs.
That's unfortunate, but understandable.
I still think something should be done, but I don't have any good
suggestions. Mentioning it in documentation could work, but I wouldn't
expect people to read that when installing the package. Maybe at least
mention it in the relevant location in haproxy.cfg?
An extreme solution would be to disable chroot by default, not
installing any files for rsyslog and logrotate, but leave a comment in
log /dev/log local0
log /dev/log local1 notice
# If you enable chroot, you will have to provide a log
# socket inside the chroot. See
# /usr/share/doc/haproxy/haproxy-rsyslog.conf for an
# example of how rsyslog can be configured to provide such a
# chroot /var/lib/haproxy
That way at least the administrator wouldn't be suprised by the lack of
Btw.: I had a look at what the rsyslog package does, since that package
also drops a file in rsyslog.d that adds an additional log socket, but
that package does not suffer from the same problem as haproxy. It opens
the log socket before chrooting, so it can continue to send log messages
to it from inside the chroot jail. See:
More information about the Pkg-haproxy-maintainers